How to perform a packet trace


Product: ExtremeZ-IP

Version: All

Document Type: Info

Revised: 8/21/2008

Reviewed: 8/21/2008

Summary:

Details the steps to perform a packet trace of ExtremeZ-IP for diagnostic purposes.

Description:

ExtremeZ-IP has detailed debug logging facilities built in which can be used to diagnose customer problems in the field. However, in certain circumstances, it can be useful to perform a packet trace of data sent between an ExtremeZ-IP server and a Mac client in order to provide Group Logic Technical Support with additional information. This document describes how to perform this trace using free Macintosh and Windows tools.

Windows

1. Install Ethereal

The latest version of the Ethereal application can be found directly at: Windows Ethereal. Make sure to install the required WinPcap as well.

Both installers should be self-explanatory – just choose all the default settings.

2. Set up a packet trace

- Launch Ethereal
- Go to Capture | Start
- Under “Capture file(s)”, enter a path and filename, e.g. “C:\packet.log”
- Select “Use ring buffer”, number of files = 2
- Rotate capture file every 5000 kilobytes. [NOTE: This option is toward the lower portion of the window and only appears after "use ring buffer" has been selected. Do not enable the similar sounding option of "Rotate capture file every x seconds".]
- Hit OK to begin packet trace

Note: if you have multiple network cards on the Windows server, you may need to select the appropriate card from the “Interface” pull-down.

Ethereal will now log all packets. It will write these packets to disk, writing continuously to two files, each a maximum of 5MB in size. In general, Group Logic Technical Support is interested in the last few packets that get sent to the Macintosh client. Therefore, in the interest of saving hard drive space, we instruct Ethereal to continuously write over older packets to keep the file sizes relatively small. (If we don’t do this, then all packets get written to disk. If the problem does not occur until we’ve transferred hundreds of megabytes of data, the packet log will be hundreds or thousands of megabytes in size.) In certain circumstances, it may be more effective to log all packets – in that case, do not select the “Use Ring Buffer” checkbox mentioned above.

3. Perform the action that causes the problematic ExtremeZ-IP behavior.

4. Stop the capture.

After the behavior has occurred, stop the capture, exit Ethereal and send Group Logic Technical Support the resulting packet logs (there should be two of them with names like “packet_00002_20030903092141.log”).
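The following Python model is an added example, not part of the original article or of Ethereal. It shows how much traffic the ring buffer settings from step 2 (2 files, rotated every 5000 kilobytes) still hold when the capture is stopped. Assumptions: 1 kilobyte is 1000 bytes, capture-file header overhead is ignored, file names follow the base_sequence_timestamp pattern inferred from the example name above, and the traffic is constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed start time; only used to build timestamps for the file names.
START = datetime(2003, 9, 3, 9, 21, 41)

def simulate_ring_buffer(packets, files=2, rotate_kb=5000, kb=1000,
                         base="packet", ext="log"):
    """Model the capture ring buffer configured in step 2.

    packets: iterable of (seconds_since_START, size_in_bytes).
    Returns the files still on disk, oldest first, as
    (file_name, [indexes of the packets it holds]).
    Assumptions: 1 kilobyte = `kb` bytes; file header overhead is ignored.
    """
    limit = rotate_kb * kb
    on_disk = deque()
    seq = used = 0
    for idx, (offset, size) in enumerate(packets):
        if not on_disk or used + size > limit:   # open the next numbered file
            seq += 1
            stamp = (START + timedelta(seconds=offset)).strftime("%Y%m%d%H%M%S")
            on_disk.append((f"{base}_{seq:05d}_{stamp}.{ext}", []))
            used = 0
            if len(on_disk) > files:
                on_disk.popleft()                # the oldest file is discarded
        on_disk[-1][1].append(idx)
        used += size
    return list(on_disk)

def retained_packets(packets, **settings):
    """Indexes of the packets that survive on disk, in capture order."""
    return [i for _, held in simulate_ring_buffer(packets, **settings) for i in held]

def constructed_trace(count):
    """Constructed traffic: `count` packets of 1000 bytes, 1000 per second."""
    return [(i // 1000, 1000) for i in range(count)]

if __name__ == "__main__":
    for count in (25001, 26000, 30000):
        trace = constructed_trace(count)
        names = [name for name, _ in simulate_ring_buffer(trace)]
        print(count, "captured ->", len(retained_packets(trace)), "kept in", names)
```

Depending on how full the newest file is when the capture stops, the two files together hold between roughly 5 MB and 10 MB of the most recent traffic, so stop the capture soon after the problem occurs.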